This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
MasterSomy
Explorer
‎2020-02-19 05:10 AM
Jump to solution

Choose the Machine Authentication Cetificate

Hi,

We wanted to test the new Machine Authentication Feature of the Windows VPN Clients.
we are currently facing the problem that we get one Certificate enrolled by default by our AD and we have the certificate to authenticate our Client. The Problem is the VPN Client tries to use the auto enrolled one, but it doesn't work. If we delete it is functioning.

Is there a method to choose witch one will be used?

1 Solution

Accepted Solutions
PhoneBoy
Admin
Admin
‎2020-02-25 03:19 PM
Jump to solution

I checked with the relevant R&D owners.
The certificate that is used is the one that has the latest "Not After (Date)."
There isn't a way to choose it otherwise.

View solution in original post

6 Replies
PhoneBoy
Admin
Admin
‎2020-02-25 03:19 PM
Jump to solution

I checked with the relevant R&D owners.
The certificate that is used is the one that has the latest "Not After (Date)."
There isn't a way to choose it otherwise.
MasterSomy
Explorer
‎2020-02-25 11:37 PM
In response to PhoneBoy
Jump to solution

Thank you.
That is unfortunate it would be great when we had the option to do that or at least Choose from which CA it will be used so we could guaranty that it would use the right one.
0 Kudos
Milan_Jovanovic
Contributor
‎2020-10-21 03:44 AM
In response to PhoneBoy
Jump to solution

Hi PhoneBoy,

Regarding this solution you described Machine Cert I have few questions:

When we implement Machine Cert is it possible at same time for some LDAP AD users for example in specific group or OU to use just AD user pass authentication without Machine Cert?

 When we implement Machine Cert are we able to authenticate with mobile device (Android,IOS etc) with endpoint client using same AD user for which is mandatory machine cert?

When we use AD + machine cert auth is it possible in same time for some users to use Local defined in SMS user+cert+pass endpoint authentication?

If answers are yes on this questions, can all of this function in same time?

AndreiR
Employee Alumnus
Employee Alumnus
‎2020-10-21 10:27 PM
In response to Milan_Jovanovic
Jump to solution

Hi @Milan_Jovanovic ,

It is not possible to exclude usage of machine certificate for some group of users.

Two more your questions require clarification. Please describe what you would like to use in both cases.

0 Kudos
Milan_Jovanovic
Contributor
‎2020-10-21 11:04 PM
In response to AndreiR
Jump to solution

Thank you AndreiR.

Second question is about how machine certificate work with mobile devices Android IOS which are not domain computers. Can we authenticate on that devices with AD user?

Third question when we setup and use machine authentication for our LDAP users can we for external people that don't have AD account on SMS create local users with pass and cert and use them for authentication for endpoint vpn access?

0 Kudos
TheRealDiZ
Collaborator
‎2020-12-11 01:15 AM
Jump to solution

Hey Guys,

 

If the AD is actually the CA for the machine, in which way do you have to set authentincation on the Check Point VPN Client?

If you choose "certificate" as method when you create the site, the client will ask you to import a certificate.

Is there anyway to configure it smoothly without importing the certificate?

The certificate (since the machine is part of the domain) should be already on the machine that is trying to connect in VPN right?

 

Thanks in advance for your reply! 🙂

 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events